Skip to main content
Audit

Audit  Audit of the Massachusetts Convention Center Authority

Our office conducted a performance audit of the Massachusetts Convention Center Authority (MCCA) for the period January 1, 2021 through December 31, 2022. When examining MCCA’s procurement and employee complaint practices, we extended the audit period back through January 1, 2018.

Organization: Office of the State Auditor
Date published: August 19, 2024

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor (OSA) has conducted a performance audit of the Massachusetts Convention Center Authority (MCCA) for the period January 1, 2021 through December 31, 2022. When examining MCCA’s procurement and employee complaint practices, we extended the audit period back through January 1, 2018.

The purpose of our audit was to determine the following:

  • whether MCCA had a process in place to ensure that it met the fiscal years 2021 and 2022 benchmarks set by the Supplier Diversity Office (SDO) for contracting with minority-owned,1 woman-owned, and veteran‑owned businesses;
  • whether, when procuring goods and services, MCCA adhered to its “Procurement, Purchasing and Payment Policy and Guidelines” and Section 12 of Chapter 30B of the General Laws for purchases of $10,000 or more;
  • whether MCCA developed event safety plans for ballroom events at the Boston Convention & Exhibition Center (BCEC) and the John B. Hynes Veterans Memorial Convention Center, referred to in this report as the Hynes Convention Center, in accordance with MCCA policies and Section 20.1.5.6.1 of the Massachusetts Comprehensive Fire Safety Code;
  • whether MCCA developed event safety plans for non-ballroom events at the BCEC, the Hynes Convention Center, and the Lawn on D Powered by Citizens Bank, referred to in this report as the Lawn on D, in accordance with MCCA policies;
  • whether MCCA addressed non-union employee complaints dating back to January 1, 2018 in accordance with its “Non‑Discrimination/Non-Harassment Policy”; and
  • whether MCCA followed a process when determining whether to enter into, and when reviewing and finalizing, non-union employee settlement agreements dating back to January 1, 2018.

Below is a summary of our findings, the effects of our findings, and our recommendations, with links to each page listed.

  
Finding 1
 		MCCA did not ensure that it met the annual benchmarks for diverse supplier spending set by SDO.
EffectBecause MCCA did not have a process for meeting SDO’s benchmarks, MCCA’s ability to evaluate and improve the effectiveness of its efforts to promote diversity in its procurement process was limited.
Recommendations
 
  1. MCCA should develop, document, and implement policies and procedures to effectively monitor, and communicate to its board of directors, the extent to which it achieves its annual benchmarks for diverse supplier spending.
  2. MCCA should use established policies to track diversity spending throughout the year.
  3. MCCA should involve its chief diversity officer in the procurement process to help support an inclusive and equitable business environment.
  4. MCCA should collaborate with SDO to ensure increased accountability.
Finding 2
 		MCCA could not demonstrate that it obtained original quotes for all purchases between $10,000 and $50,000.
EffectCircumventing the procurement process may result in, and itself may constitute, inappropriate or illegal behavior on the part of public officials. This matter has been referred to appropriate officials for further review. If MCCA does not obtain and retain original quotes from vendors, then it cannot be sure that it awards contracts to the most appropriate vendors at the lowest available cost. This also risks wasting public resources, elevates risk for potential bid splitting, increases the possibility of ethical violations, etc.
Recommendations
 
  1. MCCA should retain evidence of all quotes received for purchases between $10,000 and $50,000.
  2. MCCA should implement sufficient monitoring controls to ensure that original quotes from vendors are obtained and retained.
  3. MCCA should modify its “Procurement, Purchasing and Payment Policy and Guidelines” to require compliance in full with Chapter 30B of the General Laws.
  4. MCCA’s board of directors should exercise appropriate oversight of MCCA management to ensure the agency’s compliance with procurement, ethics, and all other applicable laws.
Finding 3
 		MCCA did not follow its procurement policies when entering into a media contract for over $100,000.
EffectCircumventing the procurement process may result in, and itself may constitute, inappropriate or illegal behavior on the part of public officials. If MCCA does not put contracts out to bid, then there is an increased risk that MCCA may not award contracts to the most appropriate vendor offering the lowest price; this risks wasting public resources. Additionally, circumventing the procurement process may lead to unfair or inappropriate behavior in the procurement process. We have referred this matter to appropriate officials for further review.
Recommendations
 
  1.  MCCA should always follow its purchasing process by advertising and documenting procurements of $50,000 or more.
  2. MCCA should follow its existing policy and ensure that its procurement department is involved during the process for every procurement of $50,000 or more.
  3. MCCA should review all of its existing procurements to ensure they comply with its policy.
  4. MCCA should modify its “Procurement, Purchasing and Payment Policy and Guidelines” to require compliance in full with Chapter 30B of the General Laws.
  5. MCCA’s board of directors should exercise appropriate oversight of MCCA management to ensure the agency’s compliance with procurement, ethics, and all other applicable laws and review all of its existing procurements to ensure they comply with its policy.
Finding 4
 		MCCA entered into vendor contract extensions without approval from its board of directors.
EffectCircumventing the procurement process may result in, and itself may constitute, inappropriate or illegal behavior on the part of public officials. By extending contracts past the allowable three-year period, without board approval, MCCA cannot regularly ensure that it receives services from the most appropriate vendors that offer the required goods or services at the lowest available price. Additionally, by not requesting new proposals or inviting new bids for these contracts, MCCA may have missed opportunities to hire and work with diverse vendors. Failing to secure appropriate approvals for contract extensions, particularly those that exceed the $250,000 threshold, may also place contractors at risk of not receiving payment because these contracts may be unenforceable. Not only does this cause potential harm to contractors, it also places taxpayer funds at risk.
Recommendations
 
  1.  MCCA should request and secure approval from its board of directors for vendor contract extensions to ensure compliance with Section 35 of Chapter 190 of the Acts of 1982, as well as MCCA Bylaws.
  2. MCCA should always follow Chapter 30B of the General Laws relative to the number of extensions and maximum term length for contracts, regardless of the contract’s dollar value instead of only “generally” following Chapter 30B, which leaves room for potential waste, fraud, and abuse. As such, MCCA should modify its “Procurement, Purchasing and Payment Policy and Guidelines” to require compliance in full with Chapter 30B of the General Laws.
Finding 5
 		MCCA could not ensure that it sent and retained pre-event security surveys to meet client needs in a consistent, fair, and equitable manner.
EffectIf MCCA does not send and retain pre-event security surveys there is an increased risk, actual and/or perceived, that MCCA may not be addressing client needs consistently, fairly, and equitably.
Recommendations
 
  1. MCCA should ensure it sends pre-event security surveys to clients and retains this documentation.
  2. MCCA should retain all pre-event security surveys completed by its clients in a central, accessible location.
  3. MCCA should ensure that its information technology systems support record retention and retrieval to facilitate data analysis, audit, investigations, and other required business processes.
  4. MCCA should engage with the Secretary of the Commonwealth’s supervisor of public records on this matter to ensure compliance with the Commonwealth’s public records laws and applicable records retention schedules.
Finding 6
 		MCCA did not have an adequate process for handling employee complaints.
EffectIf MCCA does not have an adequate process for handling employee complaints regarding personnel issues, it may not identify trends in employee complaints or ensure that all employee complaints are addressed and handled in a consistent, timely, and appropriate manner.
Recommendations
 
  1.  MCCA should develop, document, and implement internal controls over the process of handling employee complaints that would include the tracking and documentation of complaints.
  2. MCCA should create and retain a centralized list of complaints to ensure that all complaints are addressed in a consistent, timely, and appropriate manner.
Finding 7
 		MCCA  did not have a transparent or accountable process related to non-union employee settlement agreements, including those containing non-disclosure, non-disparagement, or similarly restrictive clauses.
EffectIf MCCA does not have a transparent and accountable process to handle employee settlement agreements, especially with those containing non-disclosure, non-disparagement, or similarly restrictive clauses, it cannot ensure that employee settlements are handled in an ethical, legal, or appropriate manner. If the MCCA board of directors does not ensure appropriate oversight regarding employee settlements, the well-being and financial stability of MCCA and its employees may be negatively impacted. Furthermore, public dollars could be abused to cover up harassment, discrimination, and other forms of misconduct, while protecting perpetrators of abuse in MCCA.
Recommendations
 
  1.  MCCA should develop, document, and implement a policy related to employee settlement agreements.
  2. To help increase transparency and accountability, MCCA should track and document all complaints that result in payments and the use of non-disclosure, non-disparagement, or similarly restrictive clauses in employee settlement agreements. This should be done both within respective personnel files and a centralized list.
  3. To help increase accountability, MCCA should assign an agency attorney or staff member to handle and monitor claims and employee settlement agreements.
  4. To help increase transparency and accountability, MCCA should seek and obtain approval from its board of directors prior to executing employee settlement agreements and any non-disclosure, non-disparagement, or similarly restrictive clauses in its agreements.
  5. As a best practice, MCCA should file all monetary employee settlement agreements with the Office of the Comptroller of the Commonwealth, in accordance with Section 5.00 of Title 815 of the Code of Massachusetts Regulations.
Finding 8
 		MCCA executed an employee settlement agreement exceeding $250,000, in violation of Chapter 190 of the Acts of 1982 and Massachusetts Convention Center Authority Bylaws.
EffectIf MCCA does not have a transparent and accountable process to handle employee settlement agreements, especially with those containing non-disclosure, non-disparagement, or similarly restrictive clauses, it cannot ensure that employee settlements are handled in an ethical, legal, or appropriate manner. If the MCCA board of directors does not ensure appropriate oversight regarding employee settlements, the well-being and financial stability of MCCA and its employees may be negatively impacted. Furthermore, public dollars could be abused to cover up harassment, discrimination, and other forms of misconduct while protecting perpetrators of abuse in MCCA.
Recommendations
 
  1. MCCA should develop, document, and implement a policy related to employee settlement agreements.
  2. To help increase transparency and accountability, MCCA should seek and obtain approval from its board of directors before executing employee settlement agreements and any agreement that includes non-disclosure, non-disparagement, or similarly restrictive clauses.
  3. To help increase transparency and accountability, MCCA should track and document all complaints that result in payments and the use of non-disclosure, non-disparagement, or similarly restrictive clauses in employee settlement agreements. This should be done both within respective personnel files and a centralized list.
  4. To help increase accountability, MCCA should assign an agency attorney or staff member to handle and monitor claims and employee settlement agreements.
  5. MCCA, its executive director, and its employees should comply with the law and all agency bylaws.
  6. MCCA’s board of directors should provide appropriate oversight of personnel and the powers it has delegated to its employees.
Finding 9
 		MCCA is missing certain information system general controls2 over its procurement system.
EffectIf MCCA does not conduct reviews of user access rights, it has an elevated risk of exposure to unauthorized access. If MCCA does not ensure that its employees complete initial and annual refresher cybersecurity awareness trainings, it is exposed to an increased risk of cyberattacks and financial and/or reputational losses.
Recommendations
 
  1.  MCCA should maintain certificates of completion of cybersecurity awareness training for all of its employees in their respective personnel files and/or on a centralized list.
  2. MCCA should conduct and document user access reviews at least twice per year.

In addition, we identified issues regarding the advertising for art commissions, Certificates of Receipt of Conflict of Interest Law materials, and Conflict of Interest Law training completion (see Other Matters).

Furthermore, during the course of our audit, we made several observations that raised concerns regarding potential violations of different state laws, including Chapter 190 of the Acts of 1982, Chapter 268A of the General Laws, Chapter 30B of the General Laws, Chapter 66 of the General Laws, and Chapter 30 of the General Laws. We have referred these instances to external agencies for their investigation and potential enforcement:

  • Media Contract—This matter was selected in our testing sample and was also separately referred to us for review by stakeholders interviewed as part of our audit planning process. Our analysis indicates that this agreement lacked any procurement process and raised questions about contract validity, equity, access, and ethics. We have referred this matter to the Office of the Attorney General and the State Ethics Commission for their review and potential enforcement.
  • Procurements—A number of procurements reviewed in this audit lacked documentation, though MCCA stipulated that a procurement process was followed. Accepting this stipulation as fact, procurement documentation would therefore have existed, and those documents should have been retained. This lack of documentation raises concerns regarding records retention and procurement processes in general. We have referred these concerns to the Secretary of the Commonwealth’s supervisor of records and other appropriate enforcement agencies3 for their review and potential enforcement.
  • Pre-event security surveys—MCCA failed to retain pre-event security surveys in the majority of instances examined in our audit. This raises concerns regarding records retention. We have referred these concerns to the Secretary of the Commonwealth’s supervisor of records for their review and potential enforcement.

Post-Audit Activity

More recently, the interim executive director at MCCA hired an outside law firm to examine the bid process for the development of parcels on D Street and E Street. The firm provided a report to MCCA which found that “MCCA leadership did not maintain appropriate controls. Competitively sensitive information was not shared equally between the bidders.” (Jon Chesto, “MCCA to Halt Development Plans for Southie Land after Prior Leadership Shared Info with One Bidder,” The Boston Globe, March 27, 2024.)

The external report was presented to the MCCA board on March 28, 2024, and the board ultimately voted to reject all pending proposals and cancel the request for proposals associated with the development of the properties on D and E Streets. (The Editorial Board, “Governor Seeks Role for Convention Centers that Goes Beyond Putting ‘Heads on Beds,’” The Boston Globe, April 4, 2024.)

The OSA requested this report under public records law while we were finalizing our review. MCCA declined to provide a copy of this report to our office, citing attorney-client privilege. The OSA adheres to the doctrine of attorney-client privilege; therefore, this matter has been referred to the Secretary of  the Commonwealth's supervisor of records for further review.


 


 

1.    According to the Supplier Diversity Office Comprehensive Annual Report Fiscal Year 2022, SDO defines a minority-owned business “as a business that is owned by a racially or ethnically diverse individual. While the [term is] meant to define an ethnically or racially diverse individual or business . . . [it is] not meant to denote a smaller or lesser status of the individuals or businesses included in this definition.”

2.    Information system general controls are the policies and procedures that apply to an agency’s information system, which help ensure the proper operation of the system. These controls assure management and stakeholders of the reliability of the information system and the data residing in it.

3.    This referral to other appropriate enforcement agencies is related to the validity of the contracts.

Table of Contents

Downloads

Contact

Phone

Main (617) 727-2075

Online

Auditor@MassAuditor.gov

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133
Directions 

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback